Extending the range of unattended upgrades to include all repositories
  • binbin
    Updating our favourite OS is something we have to live with no matter what the flavour.
    Out of the box LXLE does do security updates automatically but that's it.
    As you may know this process is handled via unattended-upgrades.
    You can see the activity in /var/log/unattended-upgrades.

    This is all very well, but applications also need to be updated as well as other libraries etc etc.
    For a whole host of reasons I have been looking at my system and thinking that if for any reason I'm not here my wife will be using a machine that will gradually go out of date. She is absolutely non technical.

    So, I decided to look at making unattended upgrades look after things.

    With the exception of xorg I cannot remember any update ever breaking any of my machines provided I haven't installed any odd kernel versions. So, as I always just agree to updates what's the point in not automating them?

    I'm not going to re-invent the wheel - there are a few references in the interweb about this.
    The best I have found is https://forums.linuxmint.com/viewtopic.php?f=42&t=202715
    Since the software is already installed and working we're just looking at extending what is already done to cover all the installed software.
    This is configured in /etc/apt/apt.conf.d/50unattended-upgrades

    The thread tells you how to extract the information you need about the various repos using:-
    egrep '^(Origin|Label|Suite|Codename)' /var/lib/apt/lists/*Release

    I suggest you use:-
    egrep '^(Origin|Label|Suite|Codename)' /var/lib/apt/lists/*Release > repos.txt
    This will give you a text file you can scan for the information as there are a LOT of repos in LXLE.

    Having removed software I don't use my /etc/apt/apt.conf.d/50unattended-upgrades looks like this

    // Automatically upgrade packages from these (origin:archive) pairs
    Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
        "${distro_id}:${distro_codename}-updates";
        "${distro_id}:${distro_codename}-proposed";
        "${distro_id}:${distro_codename}-backports";
        "LP-PPA-catfish-search-catfish-stable:trusty";
        "LP-PPA-libreoffice:trusty";
        "LP-PPA-linrunner-tlp:trusty";
        "LP-PPA-lxle-stable:trusty";
        "LP-PPA-mdoyen-homebank:trusty";
        "LP-PPA-nemh-systemback:trusty";
        "LP-PPA-nilarimogard-webupd8:trusty";
        "LP-PPA-otto-kesselgulasch-gimp:trusty";
        "LP-PPA-ubuntugames-games:trusty";
        "LP-PPA-videolan-stable-daily:trusty";
        "LP-PPA-webupd8team-y-ppa-manager:trusty";
        "LP-PPA-xubuntu-dev-xfce-4.12:trusty";
        "LP-PPA-ytvwld-syncthing:trusty";
        "Canonical:trusty";
        "Daniel Folkinshteyn:stable";
    };

    // List of packages to not update (regexp are supported)
    Unattended-Upgrade::Package-Blacklist {
        "xserver-xorg";
    //    "vim";
    //    "libc6";
    //    "libc6-dev";
    //    "libc6-i686";
    };

    Punctuation is vital as is testing using:-
    sudo unattended-upgrade --verbose --dry-run
    this does a verbose dry run

    This does work well - just did a huge upgrade this morning after this machine had not been used for a couple of months - didn't even see it happening.
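
The Origin/Suite lookup described in the post, automated as an added example (not part of the original post or the linked thread): it reads each Release header and prints candidate "origin:archive" lines to review before copying any into Allowed-Origins. `list_origin_pairs` and `make_sample_lists` are hypothetical helper names, and the sample Release headers are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. list_origin_pairs is a
# hypothetical helper; its argument defaults to apt's list cache.

list_origin_pairs() {
    dir=${1:-/var/lib/apt/lists}
    for f in "$dir"/*Release; do
        [ -f "$f" ] || continue          # glob matched nothing
        awk -v file="$f" '
            # Header fields come first; stop before the checksum lists.
            /^(MD5Sum|SHA1|SHA256|SHA512):/ { exit }
            /^Origin:/ { sub(/^Origin:[ \t]*/, ""); origin = $0 }
            /^Suite:/  { sub(/^Suite:[ \t]*/, "");  suite  = $0 }
            END {
                if (origin != "" && suite != "")
                    printf "\"%s:%s\";\n", origin, suite
                else
                    # Without both fields there is no origin:archive pair.
                    printf "skipped %s (no Origin or Suite)\n", file | "cat 1>&2"
            }
        ' "$f"
    done | LC_ALL=C sort -u
}

# Constructed sample Release headers so the function can be tried offline.
make_sample_lists() {
    d=$(mktemp -d) || return 1
    printf 'Origin: Ubuntu\nLabel: Ubuntu\nSuite: trusty-security\nCodename: trusty\nSHA256:\n abc 1 main/x\n' \
        > "$d/security.ubuntu.com_ubuntu_dists_trusty-security_Release"
    printf 'Origin: LP-PPA-libreoffice\nLabel: LibreOffice\nSuite: trusty\nCodename: trusty\n' \
        > "$d/ppa.launchpad.net_libreoffice_ppa_ubuntu_dists_trusty_Release"
    printf 'Label: No origin here\nCodename: stable\n' \
        > "$d/example.invalid_repo_dists_stable_Release"
    echo "$d"
}

# Usage: list_origin_pairs                          # real system
#        list_origin_pairs "$(make_sample_lists)"   # constructed sample
```

Every line it prints names a source whose packages would install without a prompt, so keep only the ones you would approve by hand and confirm the result with the dry run.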